High severity (7.5) · NVD Advisory · Published Jan 27, 2018 · Updated Jun 17, 2026
CVE-2017-18077
Description
index.js in brace-expansion before 1.1.7 is vulnerable to Regular Expression Denial of Service (ReDoS) attacks, as demonstrated by an expand argument containing many comma characters.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| brace-expansion (npm) | < 1.1.7 | 1.1.7 |
References
- github.com/juliangruber/brace-expansion/pull/35/commits/b13381281cead487cbdbfd6a69fb097ea5e456c3 [nvd] Patch, Third Party Advisory, WEB
- github.com/juliangruber/brace-expansion/issues/33 [nvd] Exploit, Issue Tracking, Patch, Third Party Advisory, WEB
- nodesecurity.io/advisories/338 [nvd] Exploit, Third Party Advisory
- bugs.debian.org/862712 [nvd] Third Party Advisory, WEB
- github.com/advisories/GHSA-832h-xg76-4gv6 [ghsa] ADVISORY
- nvd.nist.gov/vuln/detail/CVE-2017-18077 [ghsa] ADVISORY
- github.com/juliangruber/brace-expansion/pull/35 [ghsa] WEB
- www.npmjs.com/advisories/338 [ghsa] WEB